VMware Driver Vulnerability in OpenStack Compute by OpenStack
CVE-2014-2573
Currently unrated
Summary
The VMware driver in OpenStack Compute (Nova) versions 2013.2 to 2013.2.2 is susceptible to an improper handling of virtual machine (VM) states. This vulnerability can be exploited by authenticated users who can manipulate the state of a VM by placing it into RESCUE status. Once in this state, users can bypass imposed quota limits and potentially lead to a denial of service by repeatedly requesting the VMs to be put into rescue mode and subsequently deleting the associated images. This manipulation opens the potential for resource consumption issues within the OpenStack environment.
References
Timeline
Vulnerability published
Vulnerability Reserved